`read_user` does not seem to be respected, even when configured as an app scope
read_user does not seem to be respected, even when configured as an app scope
Possible duplicate of #214414 (closed); but I don't know, so filing a new issue just in case.
Steps to reproduce
- Go to https://lists.strugee.net/accounts/login/?next=/postorius/lists/
- Click the GitLab button to sign in
- If necessary, sign into GitLab so you get the authorization screen
What is the current bug behavior?
The authorization screen says "This application will have access to:" and then has nothing (i.e., an empty list). Additionally, when I'm redirected back to lists.strugee.net, I get an error. I can't find the exact JSON error response in the logs and I don't feel like hacking up the app to output it (I'm deploying other people's code) but it seems pretty clear that GitLab did not grant access to the user email.
Note that if I additionally enable the
read_api scope the same thing happens, but if I enable the
api scope (for a total of 3 enabled scopes), then things work correctly - the authorization screen shows the correct scope, and the login to lists.strugee.net works.
What is the expected correct behavior?
I should see the correct scope listed in the authorization screen, and the application should be granted access to the user's public information.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com